提交 44a0033f 编写于 作者: C Christoph Hellwig 提交者: Linus Torvalds

[PATCH] remove jfs xattr permission checks

remove checks now in the VFS
Signed-off-by: NChristoph Hellwig <hch@lst.de>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
上级 e0ad7b07
...@@ -758,36 +758,23 @@ static int can_set_system_xattr(struct inode *inode, const char *name, ...@@ -758,36 +758,23 @@ static int can_set_system_xattr(struct inode *inode, const char *name,
static int can_set_xattr(struct inode *inode, const char *name, static int can_set_xattr(struct inode *inode, const char *name,
const void *value, size_t value_len) const void *value, size_t value_len)
{ {
if (IS_RDONLY(inode)) if (!strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
return -EROFS;
if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
return -EPERM;
if(strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN) == 0)
/*
* "system.*"
*/
return can_set_system_xattr(inode, name, value, value_len); return can_set_system_xattr(inode, name, value, value_len);
if(strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN) == 0) /*
return (capable(CAP_SYS_ADMIN) ? 0 : -EPERM); * Don't allow setting an attribute in an unknown namespace.
*/
#ifdef CONFIG_JFS_SECURITY if (strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN) &&
if (strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) &&
== 0) strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN) &&
return 0; /* Leave it to the security module */ strncmp(name, XATTR_OS2_PREFIX, XATTR_OS2_PREFIX_LEN))
#endif
if((strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN) != 0) &&
(strncmp(name, XATTR_OS2_PREFIX, XATTR_OS2_PREFIX_LEN) != 0))
return -EOPNOTSUPP; return -EOPNOTSUPP;
if (!S_ISREG(inode->i_mode) && if (!S_ISREG(inode->i_mode) &&
(!S_ISDIR(inode->i_mode) || inode->i_mode &S_ISVTX)) (!S_ISDIR(inode->i_mode) || inode->i_mode &S_ISVTX))
return -EPERM; return -EPERM;
return permission(inode, MAY_WRITE, NULL); return 0;
} }
int __jfs_setxattr(tid_t tid, struct inode *inode, const char *name, int __jfs_setxattr(tid_t tid, struct inode *inode, const char *name,
...@@ -957,22 +944,6 @@ int jfs_setxattr(struct dentry *dentry, const char *name, const void *value, ...@@ -957,22 +944,6 @@ int jfs_setxattr(struct dentry *dentry, const char *name, const void *value,
return rc; return rc;
} }
static int can_get_xattr(struct inode *inode, const char *name)
{
#ifdef CONFIG_JFS_SECURITY
if(strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) == 0)
return 0;
#endif
if(strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN) == 0)
return (capable(CAP_SYS_ADMIN) ? 0 : -EPERM);
if(strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN) == 0)
return 0;
return permission(inode, MAY_READ, NULL);
}
ssize_t __jfs_getxattr(struct inode *inode, const char *name, void *data, ssize_t __jfs_getxattr(struct inode *inode, const char *name, void *data,
size_t buf_size) size_t buf_size)
{ {
...@@ -983,12 +954,8 @@ ssize_t __jfs_getxattr(struct inode *inode, const char *name, void *data, ...@@ -983,12 +954,8 @@ ssize_t __jfs_getxattr(struct inode *inode, const char *name, void *data,
ssize_t size; ssize_t size;
int namelen = strlen(name); int namelen = strlen(name);
char *os2name = NULL; char *os2name = NULL;
int rc;
char *value; char *value;
if ((rc = can_get_xattr(inode, name)))
return rc;
if (strncmp(name, XATTR_OS2_PREFIX, XATTR_OS2_PREFIX_LEN) == 0) { if (strncmp(name, XATTR_OS2_PREFIX, XATTR_OS2_PREFIX_LEN) == 0) {
os2name = kmalloc(namelen - XATTR_OS2_PREFIX_LEN + 1, os2name = kmalloc(namelen - XATTR_OS2_PREFIX_LEN + 1,
GFP_KERNEL); GFP_KERNEL);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册